Securing the Cloud: Behavior is Better than Rules
November 4, 2021
Unless you’ve been living on a deserted island for the past decade or so, you know most of our modern life exists as a part of the cloud. Whether it’s web-based email, online storage of photos, or using social media, the cloud is integral to many of the necessities and conveniences of daily life. But what *is* the cloud?
At a high level, the cloud consists of servers, software, and databases that can be accessed over the internet, located in data centers all over the globe. Using virtualization, a single physical server can be partitioned into many virtual servers, and though these virtual machines exist in the same physical box, they are independent of each other.
Who benefits? Everyone!
Two or more parties come together in business transactions for mutual benefit, and the cloud is no exception. The cloud providers benefit by offering their services to their customers, and customers benefit by removing some of their IT costs and overhead.
End users benefit because they can access their cloud services using almost any device from almost any location in the world. An example of this is the ability to log into a Gmail or Facebook account from almost anywhere using almost any device.
But even with its global utility, the cloud isn’t all rainbows, puppies, and hugs.
The cloud is complex
The cloud’s requirements of 24/7 uptime, elastic scalability, and continuous improvement necessitate “a new approach that allows security teams to become an enabling partner to DevOps, while continuously validating cloud configurations and activities,” according to Úlfar Erlingsson, Lacework’s chief architect.
With all the cloud has to offer, it’s no wonder companies have already leaned into it:
- 94 percent of enterprises already use a cloud service
- 83 percent of enterprise workloads in 2020 ran in the cloud
- The average company uses five different clouds*
Public cloud adoption is also way up:
- The global public cloud service market should exceed $310B in 2021, for a CAGR of 17.3 percent since 2018
- More than $1.3T in IT spending will have some involvement with the cloud by 2022
- 30 percent of total IT budgets went to cloud computing in 2018*
*Hosting Tribunal’s Cloud Adoption Statistics for 2021 report (https://hostingtribunal.com/blog/cloud-adoption-statistics/#gref)
The cloud offers companies an alternative to operating their own in-house IT infrastructures, with ready access to compute, storage, networking, and infrastructure resources and components on demand, as and when they’re needed.
Why behavior beats rules for security purposes
Traditional security management tools often rely on rules to watch for problems. Rules, however, require considerable time and effort to configure, implement, and fine-tune. The challenges of rule-based security are:
- Rules must be formulated in advance
- Rules require you to predict the behavior of known threats, but can’t protect against breaches that don’t fit the rules
- Rule writing may involve a steep learning curve, requiring time, money, and personnel
- Rules require constant tuning, checking, and adjustment as threats evolve
Companies with rules-based security can spend significant time tweaking rules and investigating the hundreds or thousands of alerts their tools report. Those seeking an alternative to the limits of rules-based security should consider an anomaly-based detection platform.
Anomaly detection security constantly scans and learns from observed, actual behavior of the system it’s protecting. Once it’s collected and analyzed normal behavior, these systems look for behavior falling outside of that baseline and send alerts to the security team.
This delivers highly accurate results, as it not only catches known threats but can also discover the “unknown unknowns” many rules-based systems will miss completely.
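To make the contrast concrete, here is an added example (not Lacework’s code or the ebook’s) that runs a pre-written rule list and a learned per-principal baseline over the same constructed cloud audit events; the event fields, principal names, and regions are assumptions.

```python
# Added example: rule-based detection beside a learned-baseline (behavior) check over
# constructed cloud audit events. Not Lacework's code; event fields are assumptions.
from collections import defaultdict

# Constructed training window: what "normal" looked like for each principal.
BASELINE_EVENTS = [
    {"principal": "ci-deployer", "action": "PutObject", "region": "us-east-1"},
    {"principal": "ci-deployer", "action": "GetObject", "region": "us-east-1"},
    {"principal": "analyst", "action": "GetObject", "region": "us-east-1"},
    {"principal": "analyst", "action": "ListBucket", "region": "us-east-1"},
] * 3  # repeated to stand in for many days of observation

# Constructed evaluation window.
NEW_EVENTS = [
    {"principal": "ci-deployer", "action": "PutObject", "region": "us-east-1"},        # normal
    {"principal": "analyst", "action": "GetObject", "region": "ap-southeast-1"},       # new region
    {"principal": "ci-deployer", "action": "PutBucketPolicy", "region": "us-east-1"},  # new action
    {"principal": "analyst", "action": "DeleteBucket", "region": "us-east-1"},         # matches rule
]

# Rule-based: every condition must be written in advance; anything unlisted passes silently.
RULES = {
    "bucket-deletion": lambda e: e["action"] == "DeleteBucket",
}

def rule_alerts(events):
    """Return (rule_name, event) pairs for events matching any pre-written rule."""
    return [(name, e) for e in events for name, cond in RULES.items() if cond(e)]

class BehaviorBaseline:
    """Learns the (action, region) pairs each principal normally performs, then flags departures."""
    def __init__(self):
        self.seen = defaultdict(set)

    def learn(self, events):
        for e in events:
            self.seen[e["principal"]].add((e["action"], e["region"]))

    def alerts(self, events):
        """Events whose (action, region) was never observed for that principal while learning."""
        return [e for e in events if (e["action"], e["region"]) not in self.seen[e["principal"]]]

def compare(baseline_events=BASELINE_EVENTS, new_events=NEW_EVENTS):
    """Return both alert sets so the coverage gap between the two approaches is visible."""
    model = BehaviorBaseline()
    model.learn(baseline_events)
    return {"rules": rule_alerts(new_events), "behavior": model.alerts(new_events)}

if __name__ == "__main__":
    result = compare()
    print(f"rule alerts: {len(result['rules'])}, behavior alerts: {len(result['behavior'])}")
```

The rule fires only on the one action it was written for, while the baseline also surfaces the new region and the never-before-seen policy change; in practice a baseline needs a long enough learning window and an allow-listing step for legitimate changes, or it produces the same alert noise the article attributes to rules.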
Anomaly detection is worthless if you can’t see what’s going on in your infrastructure, which is why good cloud security automation provides visibility into your systems.
Exploiting full visibility
In brief, visibility means your security information (such as logs and monitoring data, as well as access management systems and data) is available and transparent.
Visibility means anomaly-based security tools can employ artificial intelligence (AI) and machine learning (ML) to elicit insights and observe patterns, both benign and malignant, based on ongoing behaviors and the ways in which they produce and consume data:
- Multi-cloud considerations: When it comes to workloads in the cloud, security should be a top priority
- Container considerations: Organizations must understand the context in which applications and their data run in containers
- Kubernetes considerations: Kubernetes uses a different approach to provisioning, orchestrating, and running applications and their data in the cloud
Make sure your security can scale
Although the mechanics of how the cloud operates can vary slightly, the main point to remember when thinking about the cloud is that it’s always someone else’s computer. As such, ensuring your apps, data, and other information are both secure and accessible is paramount. Although cloud deployments have vulnerabilities and security concerns that make them challenging to keep safe, every cloud has a silver lining.
Our ebook, Cloud Security Automation for Dummies®, describes these challenges, and outlines how to keep your systems safe, secure, and filled with the rainbows and hugs you deserve.
Copyright 2021 Lacework Inc. All rights reserved.